Secure embedded timeline

brianjlowry

One of the features we miss most is the embedded "read-only" timeline view. In working with systems where we had no ability to add HubSpot activities into their system, or when working with systems where the client wants to see latest page views, etc. in the embedded form, this gadget was extremely helpful. Many sales teams do not want another username/password to another system; the read-only view was the perfect solution for that problem.

 

My understanding is that it was removed for lack of security - fair point as it was set up.

 

Perhaps it could be brought back and secured by passing the information through the API along with a signature (much like how webhooks authentication works now with signatures). This signature could be required to be appended to the iframe URL, have a 5 minute timeout, and the remaining information could be passed through the API. This would mean one call for the data instead of trying to recreate it on our own through many different calls on the fly.

 

Thanks for hearing us out!

HubSpot updates
6 Replies
Status updated to: Delivered
Derek_Gervais
HubSpot Employee

Hi @brianjlowry ,

 

The Contact Timeline Embed functionality allows you to embed a contact timeline iframe into an external system. The iframe requires a login; you can find more details here:

 

https://developers.hubspot.com/docs/methods/contacts/contact-timeline-embed

brianjlowry
Top Contributor

Hi @Derek_Gervais,

 

The current login solution doesn't work for our clients' needs. Most of our clients that leveraged this feature are staffing companies, and their recruiters don't want to manage another login (we embed this within their ATS). Additionally, with companies that have upwards of 500 or more potential users, manually managing logins would be a full-time job in of itself.

 

We were hoping that there was a solution that didn't require a login, but could be secured through the API and displayed as needed.

 

Thanks!

brianjlowry
Top Contributor

Hi @Derek_Gervais,

 

Since the solution doesn't meet our needs as laid out in the original and follow-up comment, could you please unmark this as "delivered"?

 

The login is a deal-breaker for all of our clients that use this feature.

 

Thanks! We're really hoping there is another way that won't be too difficult.

Status updated to: Idea Submitted
Derek_Gervais
HubSpot Employee
 
ralphioooo
Participant | Diamond Partner

Need this! Perhaps allow via Oauth or something or some other kinda refresh token.

oytun
Member

Indeed, login is an unnecessary barrier here. Plus, for almost all details, the user still needs to go to Hubspot. They should be able to view the timeline just like in the contact page, with details (e.g., view the note right away without going to Hubspot contact page).